Microsoft deals in "security by obscurity" and cannot be trusted to close security loopholes, according to one of its major security partners.
Garry Sidaway, senior consultant at security software specialist Axent, said at last week's Networks 98 show in Birmingham, UK that Microsoft fails to address real security issues in its patches for NT.
Sidaway said: "They will say 'we are Microsoft so trust us', but some of the patches they provide do not address the issues."
He said that in some cases, such as the 'Teardrop' attack that crippled networks across the US in March, the patch initially issued by Microsoft dealt with the specific attack but failed to address its ramifications.
"It is security by obscurity because they do not tell you what is going on in that environment," added Sidaway.
Earlier this month US security expert Bruce Schneier discovered flaws in the Internet protocol used by NT to create virtual private networks, which he claimed Microsoft had been aware of for over a year. Microsoft admitted it had known about the flaws, but said many of the issues had been addressed. It then released additional fixes.
Microsoft product manager David Bridger denied deliberate secrecy about security issues: "We are as open as we possibly can be," he said. "Security is a continual process where someone will identify a particular issue and we respond as quickly as possible."
Steve Ranger is a reporter on Computing.
Also, what's a USB stick?
Gravitational waves become extremely weak by the time they reach the Earth and require highly sensitive equipment for detection
The reactor topped out at 100 million° C
Cosmic event will not cause any disruption on Earth, say scientists